Filtered by vendor Arubanetworks
Subscribe
Total
584 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27084 | 1 Arubanetworks | 1 Arubaos | 2026-06-17 | N/A | 5.4 MEDIUM |
| A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Successful exploitation could enable the attacker to execute arbitrary script code in the victim's browser within the context of the affected interface. | |||||
| CVE-2025-27083 | 1 Arubanetworks | 1 Arubaos | 2026-06-17 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an Authenticated attacker to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2025-27082 | 1 Arubanetworks | 1 Arubaos | 2026-06-17 | N/A | 7.2 HIGH |
| Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlying host operating system. | |||||
| CVE-2025-25039 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2026-06-17 | N/A | 4.7 MEDIUM |
| A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system. | |||||
| CVE-2025-23060 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2026-06-17 | N/A | 6.6 MEDIUM |
| A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering. | |||||
| CVE-2025-23059 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2026-06-17 | N/A | 6.8 MEDIUM |
| A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and security of the entire system. | |||||
| CVE-2025-23058 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges. | |||||
| CVE-2025-23057 | 1 Arubanetworks | 1 Fabric Composer | 2026-06-17 | N/A | 5.5 MEDIUM |
| A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface. | |||||
| CVE-2025-23056 | 1 Arubanetworks | 1 Fabric Composer | 2026-06-17 | N/A | 5.5 MEDIUM |
| A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface. | |||||
| CVE-2025-23055 | 1 Arubanetworks | 1 Fabric Composer | 2026-06-17 | N/A | 5.5 MEDIUM |
| A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface. | |||||
| CVE-2025-23054 | 1 Arubanetworks | 1 Fabric Composer | 2026-06-17 | N/A | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an authenticated low privilege operator user to perform operations not allowed by their privilege level. Successful exploitation could allow an attacker to manipulate user generated files, potentially leading to unauthorized changes in critical system configurations. | |||||
| CVE-2025-23053 | 1 Arubanetworks | 1 Fabric Composer | 2026-06-17 | N/A | 6.5 MEDIUM |
| A privilege escalation vulnerability exists in the web-based management interface of HPE Aruba Networking Fabric Composer. Successful exploitation could allow an authenticated low privilege operator user to change the state of certain settings of a vulnerable system. | |||||
| CVE-2024-5486 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2026-06-17 | N/A | 5.8 MEDIUM |
| A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager | |||||
| CVE-2024-53672 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2026-06-17 | N/A | 4.7 MEDIUM |
| A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system. | |||||
| CVE-2024-51773 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2026-06-17 | N/A | 4.8 MEDIUM |
| A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the user is authorized to do, including accessing the user's data and altering information within the user's permissions. This could lead to data modification, deletion, or theft, including unauthorized access to files, file deletion, or the theft of session cookies, which an attacker could use to hijack a user's session. | |||||
| CVE-2024-51772 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2026-06-17 | N/A | 6.4 MEDIUM |
| An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. | |||||
| CVE-2024-51771 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2026-06-17 | N/A | 7.2 HIGH |
| A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating system. | |||||
| CVE-2024-42400 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2026-06-17 | N/A | 5.3 MEDIUM |
| Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | |||||
| CVE-2024-42399 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2026-06-17 | N/A | 5.3 MEDIUM |
| Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | |||||
| CVE-2024-42398 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2026-06-17 | N/A | 5.3 MEDIUM |
| Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | |||||